Privacy Policy
This privacy policy applies to all my personal self-hosted web sites or as stated otherwise. Sites with specific privacy requirements or data collection have their own sections outlinng these at the end of the policy.
Telemetry
All my web sites use telemetry to collect information on how they are used and general site health. The following events will collect telemetry:
- Page Load
- Open/Close Popup Section
- Button Click to Access External Site
- Error Page Load
This is powered by the Application Insights service (part of Azure Monitor) on Microsoft Azure. All Application Insights resources are hosted within the UK South region in Microsoft Azure. The data collected are only visible to me as part of my personal Microsoft Azure account and subscription.
As part of the telemetry, the following personal information is collected and is retained for 90 days:
Data | Example |
---|---|
Date & Time | 27/03/2021, 10:30:00 (Local Time) |
Device Type & Model | Browser, Other |
Operating System | macOS 10.15 |
Browser Version | Safari 14.0 |
IP Address | 127.0.0.1 |
City, State/Province, Country/Region | Wimbledon, London, United Kingdom |
Each telemetry event is assigned a session and user ID by Application Insights, however, these are comprised of random numbers, letters and special characters and cannot be used to identify a user personally.
I only use these data for the purpose of monitoring how the site is used and do not share it with any other individual or organisation.
Please note that I do not collect telemetry from 3rd party widgets used on my sites, self-hosted or otherwise, however they may collect their own data. Please refer to the privacy policies of these providers for more information:
- Google Maps
- MarineTraffic
- SoundCloud
- Windy.com
Authentication & Authorisation
This section only applies to sites which require visitors to sign in via authentication and authorisation to access restricted functionality. This does not apply to those sites if signing in is not required.
All authentication and authorisation is managed by Azure Active Directory on Microsoft Azure and all sign in and sign out operations are performed using the processes and user interfaces from Microsoft.
Signing into one of my sites requires an existing Microsoft account, either a personal account or a work or school account. Granting access is a manual process done by me which starts with an invite to the "BWHazel Online Services" organisation, identified by the URL bwhazel.onmicrosoft.com. When a visitor accepts this invite his or her Microsoft account is added as a guest user to this organisation. Granting access to specific sites is also a manual process done by me which involves adding the guest user to Azure Active Directory groups.
Adding a Microsoft account as a guest user requires me to know the visitor's name and e-mail address of the Microsoft account. This information is only used be me to add the user to the "BWHazel Online Services" organisation and is not shared with any other individual or organisation. The guest user is not a new account but grants access to the existing Microsoft account. Said account can be managed in exactly the same way as before, including changing of passwords, without any knowledge by me. No passwords are stored for guest users in the "BWHazel Online Services" organisation.
By default all sites which use authentication and authorisation have access to the following permissions from a user account via the Microsoft Graph:
- openid: Signs users in using a work or school account and grants an application to see basic user profile information.
- profile: Grants an application to see basic profile information (name, picture, username).
- User.Read: Signs users in and grants the application to read profile information, including company details.
Individual sites may require additional permissions and have different uses for user account data. These are defined for each site as required in sections below.
It is the visitor's responsibility to ensure his or her account is properly secured and that it is appropriate for said account to be used, especially if it is not a personal account. All visitors added as guest users agree to acceptable and respectful use of restricted functionality and must not use them for illegal or inappropriate activities. I reserve the right to revoke access, temporarily or permanently, to any guest user at any time from any single, multiple or all sites if a visotor fails to comply with these statements.
Legacy Sites
This section applies to all sites marked as "LEGACY" on the Sites page.
Cookies
These sites use cookies as part of its operation to work correctly. No personal information is collected in the cookies which are used to maintain the view state of the site when navigating from one page to another.
Travel Blog
The travel blog is hosted by Google Blogger and is therefore covered by the privacy policy of that site. Please refer to that policy for more information.
Any personal information on the travel blog is included with the explicit permission of the individuals concerned for the purpose of posting travel updates. This information is only intended to be used for posting travel updates and I do not share this information with other individuals or organisations.